Severity Rating: MEDIUM
Software Affected
Entity Registration module version prior 7.1.9
Overview
A
vulnerability has been reported in Entity registration module of Drupal
which could allow an attacker to bypass security restrictions on
targeted system.
Description
This
vulnerability exists in the Entity registration module due to
insufficient restrict update access. An attacker could exploit this
vulnerability with "update own [registration type]" permission to gain
unauthorized access.
Successful exploitation of this vulnerability could allow an attacker to bypass and manage security restrictions.
Solution
Apply appropriate upgrade as mentioned:
Vendor Information
Drupal
References
Drupal
About Cert Advisory
We have created this blog to provide latest security advisory from the india cert for the security vulnerability, threats, attacks and patching required to mitigate any kind of cyber attacks.